This Google Ads campaign pushes malware that your antivirus can’t pick up

Virtualized malware is here and your antivirus is not prepared


Cybersecurity researchers have spotted a new advertising campaign on the Google Ads network which pushes malware onto unsuspecting victims’ endpoints. What makes this malvertising campaign different from others is the fact that the malware being distributed is almost impossible for today’s antivirus solutions to pick up.

The threat actors made it work by building code that can only be understood by a virtual machine. If the victims run the malware, the virtual machine translates the code back to its original form and runs the malicious executable.

The researchers, from SentinelLabs, explain the MO: “Virtualization frameworks such as KoiVM obfuscate executables by replacing the original code, such as .NET Common Intermediate Language (CIL) instructions, with virtualized code that only the virtualization framework understands.”

“A virtual machine engine executes the virtualized code by translating it into the original code at runtime.”

Delivering Formbook

This type of malware also makes analysis difficult, the researchers added: “When put to malicious use, virtualization makes malware analysis challenging and also represents an attempt to evade static analysis mechanisms.”
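To make the mechanism concrete, here is a constructed toy illustration of virtualization-based obfuscation (added here; it is not code from the article, from SentinelLabs or from KoiVM). A readable stack-machine listing is replaced by private opcodes that only the paired VM engine understands, so a byte signature written against the original code no longer matches, while the runtime result stays identical. The mnemonics, opcode table and key are all invented for the example.

```python
# Added, constructed illustration of virtualization-based obfuscation; it is not
# the article's code, not SentinelLabs' and not KoiVM. The mnemonics, opcode
# table and KEY are all invented here.
ORIGINAL_LISTING = ["push 6", "push 7", "mul", "ret"]   # readable original code
# A static signature written against the readable original code.
SIGNATURE = b"push 6\npush 7\nmul"
# The virtualizer's private opcode table; push operands are XOR-masked with KEY.
KEY = 0x5A
OPCODES = {"push": 0x91, "add": 0x77, "mul": 0x3C, "ret": 0xE2}

def virtualize(listing):
    # Replace each readable instruction with bytes only run_vm understands.
    code = bytearray()
    for line in listing:
        op, *arg = line.split()
        code.append(OPCODES[op])
        if op == "push":
            code.append(int(arg[0]) ^ KEY)
    return bytes(code)

def run_vm(code):
    # The VM engine: translates virtualized code back to its meaning at runtime.
    stack, pc = [], 0
    while pc < len(code):
        op = code[pc]
        pc += 1
        if op == OPCODES["push"]:
            stack.append(code[pc] ^ KEY)
            pc += 1
        elif op == OPCODES["add"]:
            stack.append(stack.pop() + stack.pop())
        elif op == OPCODES["mul"]:
            stack.append(stack.pop() * stack.pop())
        elif op == OPCODES["ret"]:
            return stack.pop()
        else:
            raise ValueError(f"unknown opcode {op:#x}")
    raise ValueError("code did not end with ret")

def static_match(blob, signature=SIGNATURE):
    # Byte-pattern scan: the kind of check virtualization is built to defeat.
    return signature in blob

if __name__ == "__main__":
    plain = "\n".join(ORIGINAL_LISTING).encode()
    virt = virtualize(ORIGINAL_LISTING)
    print("signature hits original:", static_match(plain))   # True
    print("signature hits virtualized:", static_match(virt))  # False
    print("VM result (same as 6*7):", run_vm(virt))           # 42
```

Because the behaviour is unchanged, observing what the program does at runtime (the dynamic analysis the article contrasts with static scanning) still reveals it; only the byte-level signature is lost.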

The malware being distributed this way is Formbook, a known infostealer. Its virtualized version was dubbed “MalVirt”. To trick people into downloading the malware, the threat actors created a number of fake websites, pretending to be landing pages where people can download the Blender 3D software.


Blender 3D is a popular 3D modeling, rendering, and animation program.


This is not the first time Google’s ad network was abused to deliver malware. In late December last year, researchers spotted a major campaign impersonating a number of popular programs and applications, such as Grammarly, MSI Afterburner, and Slack, to deliver IcedID and Raccoon Stealer, both known infostealing malware.

Malicious campaigns that make their way to Google Ads are arguably more dangerous, as people tend to trust major tech companies by default. Still, the best way to stay safe is to always double-check the address of the website, regardless of whether it is being advertised on Google or not.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
